cjoint

Publicité


Publicité

Format du document : text/plain

Prévisualisation

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by ght (2016-07-05 00:26:13)
Running from C:\Users\ght\Desktop
Windows 10 Pro Version 1511 (X64) (2016-06-30 18:41:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1893985918-689026998-722324329-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1893985918-689026998-722324329-503 - Limited - Disabled)
ght (S-1-5-21-1893985918-689026998-722324329-1002 - Administrator - Enabled) => C:\Users\ght
Guest (S-1-5-21-1893985918-689026998-722324329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1893985918-689026998-722324329-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Disabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Disabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Pro Evolution Soccer 2016» 1.8.0.0 (HKLM-x32\...\«Pro Evolution Soccer 2016»_is1) (Version: 1.8.0.0 - KONAMI)
µTorrent (HKU\S-1-5-21-1893985918-689026998-722324329-1002\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
Catalyst Control Center Next Localization BR (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0621.1741.29990 - Advanced Micro Devices, Inc.) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.19.52 - Conexant)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.5.930 - Foxit Software Inc.)
FPatch PES 16 (HKLM\...\{AADC303A-30F8-48C8-89AC-376AC23D2DC5}) (Version: 1.0.0 - Group FPEdit)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4360 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Larousse Médical (HKLM-x32\...\{11DA34AE-A565-4659-86BE-11252557783F}) (Version: - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
The Amazing Spider-Man 2 (HKLM-x32\...\The Amazing Spider-Man 2_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
UltraISO Premium V9.65 (HKLM-x32\...\UltraISO_is1) (Version: - )
Viber (HKU\S-1-5-21-1893985918-689026998-722324329-1002\...\{e577cb09-2068-44fb-8eed-cfcc1617b010}) (Version: 5.3.0.1884 - Viber Media Inc.)
Viber (x32 Version: 5.3.0.1884 - Viber Media Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.13.0 (HKLM\...\VulkanRT1.0.13.0) (Version: 1.0.13.0 - LunarG, Inc.)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
ZHPFix 2015 (HKLM-x32\...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1893985918-689026998-722324329-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ght\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01EB583B-E8C3-403E-97D2-50BD1BFA13AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0E0FE01A-DB57-413B-9821-0C90CD803A7F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0EA24334-BB72-4453-806B-4152819C3D8A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {17AF6FE1-F125-43EB-B0CE-9DCFAC64486C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2B9265A1-0BCD-448B-95EB-536DADD635D0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {6103FA4A-7EF6-4ECB-AE82-50C9F78B78D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {63F391C2-95AB-4292-B7A1-017DA5E7D39E} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {676E248A-9F90-473F-9967-CE74AB2E3E57} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {69901AAB-7A09-4F1F-A810-95DAA1DD6BA9} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6EF3093C-C03C-4C54-989A-83FE1AAE1B6D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7282CB9E-5843-4A2F-AFC6-F055CE6A91F2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {79F61BED-5802-4F56-AC2F-23ADA03E89D2} - \AutoKMS -> No File <==== ATTENTION
Task: {7D32F304-4692-47ED-83FE-2B172FE6B124} - System32\Tasks\{39C7CA80-EFA4-4E9F-A546-B840FF48BB04} => pcalua.exe -a E:\GaMeEs\Windows\NFS\EASetup.exe -d E:\GaMeEs\Windows\NFS
Task: {80507FA9-F593-4BC6-A650-9C71B666E2BE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {81FEFEDC-5081-404F-B02B-2BD653AC0FBB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8342FCFC-E32C-405C-AED2-2814AD73A9D7} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-21] (Advanced Micro Devices, Inc.)
Task: {871DCC27-281F-41CE-ACF3-18A599561431} - \Optimize Start Menu Cache Files-S-1-5-21-1893985918-689026998-722324329-1001 -> No File <==== ATTENTION
Task: {8E9DB703-51AE-40D5-94C4-C5900BE984A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {989AD617-85AE-4F5D-B25F-91C85A3D995F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {A907408E-DA7D-4305-95B1-F9362F5DD331} - \WinTaske -> No File <==== ATTENTION
Task: {AB89B1A5-C863-4BCF-89F2-1C0F4F6693FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {C4DC8818-4B07-427D-BC7B-32C4BA4D0EC0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D4FB9684-B16D-4324-A2F1-21C2EC6A8E88} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D8EF58E3-BBC9-46EC-8292-1BEB4A17926A} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DCEB57E0-181E-4F2A-8033-2AF44181714E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E28A2072-35E8-4FD6-9229-F682EDF48AB1} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BUMBA_WORLD-ght BUMBA_WORLD => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {FA287B1F-6AB8-44D8-B974-EA5020701C85} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-01 00:40 - 2016-07-01 00:40 - 00066872 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-07-01 03:48 - 2016-07-01 03:48 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-01 03:48 - 2016-07-01 03:48 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-30 19:50 - 2016-06-30 19:50 - 00959168 _____ () C:\Users\ght\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-10-01 20:36 - 2012-10-01 20:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-01 20:49 - 2016-07-01 20:50 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-27 07:10 - 2016-04-27 07:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-01 03:49 - 2016-07-01 03:49 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-01 03:48 - 2016-07-01 03:48 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-01 03:48 - 2016-07-01 03:48 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-01 03:48 - 2016-07-01 03:48 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-01 03:48 - 2016-07-01 03:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-07-01 20:59 - 2016-07-01 20:59 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-07-01 20:59 - 2016-07-01 20:59 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-01 20:59 - 2016-07-01 20:59 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-07-01 20:48 - 2016-07-01 20:48 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-07-01 20:49 - 2016-07-01 20:50 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-01 20:49 - 2016-07-01 20:50 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-30 19:49 - 2016-06-30 19:49 - 00679624 _____ () C:\Users\ght\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\Drivers\nhuafbqt.sys:changelist [308]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1893985918-689026998-722324329-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ght\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{7c3e9010-1a89-4276-8ef3-9173d726ef7a}.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1893985918-689026998-722324329-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1893985918-689026998-722324329-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1893985918-689026998-722324329-1002\...\StartupApproved\Run: => "Viber"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1EF18414-4139-4177-A016-D768B1BFD0E5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{93C54A4A-2529-4FFE-8E1D-5277A8B5036A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8F558803-23CD-457A-B77F-F25004423E3E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{03B6BD39-3AF4-4773-B30C-41CB8DCA31ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B841B732-F400-418F-B614-8ED9A1F72FAA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03DCD94A-0820-4880-BCCD-C05C714BAFB2}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{A3895B38-390B-4E31-82C7-9AF67C8FC355}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{65128038-7A7B-4A3F-82FA-75A4FCA6C29A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B1CADB34-C07F-4846-8287-F9E670AB6BBA}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{78102697-117A-4B27-BB71-4DDABA5D8C28}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01DE25B2-7B3D-4A7B-A097-726D2EFD5289}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8785BFED-83D7-482C-9708-6749DE1818EC}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8B15A1CE-C439-4921-B01D-02A012B04C81}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D92F3809-38E6-41FB-9122-4BC8D1BF3402}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{264ECA1C-A882-49F6-B583-F390B4BE06C0}] => (Allow) C:\Users\ght\AppData\Roaming\uTorrent\uTorrent.exe

==================== Restore Points =========================

01-07-2016 00:27:56 Installed DirectX
02-07-2016 02:32:36 Installed DirectX
02-07-2016 04:59:39 JRT Pre-Junkware Removal
04-07-2016 20:58:05 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2016 09:50:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1500) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU000A5.log.

Error: (07/04/2016 08:58:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/04/2016 08:58:05 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4ea9d64b-382c-45fb-bfca-dc52f719c70e}

Error: (07/04/2016 08:57:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 2.7.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 120

Start Time: 01d1d62e434e62fd

Termination Time: 11

Application Path: C:\Users\ght\Desktop\FRST64.exe

Report Id: 93247fbd-4221-11e6-82dc-f406693a8a35

Faulting package full name:

Faulting package-relative application ID:

Error: (07/04/2016 06:13:48 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/03/2016 08:03:35 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BUMBA_WORLD)
Description: Activation of app Microsoft.Messaging_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/03/2016 07:41:38 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/03/2016 05:47:37 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/03/2016 05:47:32 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (07/03/2016 06:31:07 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (07/04/2016 09:51:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (07/04/2016 09:51:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (07/04/2016 09:00:49 PM) (Source: DCOM) (EventID: 10010) (User: BUMBA_WORLD)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/04/2016 09:00:49 PM) (Source: DCOM) (EventID: 10010) (User: BUMBA_WORLD)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/04/2016 09:00:48 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_12ad632 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2016 09:00:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/04/2016 09:00:47 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056 = An instance of the service is already running.


Error: (07/04/2016 08:58:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/04/2016 08:58:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/04/2016 08:58:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-07-04 04:19:46.699
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-04 04:19:46.614
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-03 00:41:31.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-02 05:18:33.756
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-07-02 04:56:13.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-02 04:56:13.457
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-07-01 00:30:05.041
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 20:11:18.349
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 19:15:42.894
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-06-30 18:55:44.070
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 24%
Total physical RAM: 8112.23 MB
Available physical RAM: 6109.58 MB
Total Virtual: 10022.23 MB
Available Virtual: 8107.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.63 GB) (Free:198.92 GB) NTFS
Drive d: (°° PhàRmàCiè °°) (Fixed) (Total:292.97 GB) (Free:274.14 GB) NTFS
Drive e: (Images , Films , Music) (Fixed) (Total:345.57 GB) (Free:153.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3774E703)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=345.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Publicité


Signaler le contenu de ce document

Publicité